It wasn’t long ago that fraudsters would have to visit a physical location to buy goods using a compromised credit card. In more recent times, fraudsters began to use compromised credit card numbers to buy online, to then have items shipped to a forwarding address.

This approach brought on a large amount of risk, as fraudsters would need to have the goods shipped to a customer, and then contact the carrier to have these items held in order to later pick them up.

Very crafty fraudsters would push these deliveries to a different location, or try to have them delivered to a PO box. However, this approach is very complicated and requires a certain savvyiness on the fraudster’s end in order to ensure success.

How fraudsters adapt

Now, we are seeing a new breed of fraudsters, ones who are completely at ease taking advantage of methods that make life easier for legitimate customers. One such case includes targeting a recent consumer phenomenon: buy online; pick up in store, or BOPIS, as it is commonly called.

When it comes to BOPIS, fraudsters may even be as brazen as to directly purchase the desired item inside the store, using valid information from a good customer, and picking it up minutes later as if they were the ones placing the order. This particular type of fraud has major implications for merchants, as it is essentially a CNP transaction in which the goods are delivered directly to the consumer within the store.

A huge risk liability for merchants

As these previously physical purchases transitioned to the CNP side, the liability in these cases also shifted, this time from the credit card company’s side right into the merchant’s end.

We’ve continued to see these trends in BOPIS orders within our network, after all, every online transactions, be it shipped goods or pick up in store, require an email address. A competent fraudster is incentivized to use a real, valid email address, as he will need to be able to track their purchase. More importantly, in a BOPIS case, that confirmation email will often be their proof of purchase, a frictionless way of proving they’ve purchased the item they are trying to claim.

Since we do see a higher risk level on those items that are picked up in store, we deploy specialized controls to tackle these trends, just as we tailor our controls affecting our customers who deal with digital goods.

These variables include:

  • Delivery Type
  • Delivery Speed
  • Product SKU(s)
  • Product Category

Digital goods do not need to be delivered or picked up, creating easy targets with immediate benefits, all while keeping risks minimal.

With continued advances in EMV technology, we’re consistently observing a decrease in fraudulent transactions that occur with in-person shopping. However, overall fraud rates are not declining; fraud is moving from the physical space into the CNP environment.

BOPIS ameliorates a lot of the risk involved in shipping directly to a physical address, making it a new “flavor of the moment” fraud type—a reliable and relatively riskless method of committing fraud.

As fraud continues to move away from brick-and-mortar stores and direct shipping cases, these additional fields become of paramount importance for stopping these newer, more efficient types of fraud.

I invite you to follow me on LinkedIn

Follow Emailage on LinkedIn and Twitter (@emailage)

Click here to discover how to get secure, intelligent risk assessment using an email address.